Tag Archives: Preventing Identity Theft

Post navigation

If you haven’t already, the first, best, and fastest way to protect yourself from the Equifax data breach is to place a security freeze on your credit files at the big three credit reporting bureaus.

Consumers should apply the freeze to Equifax, and also to Experian, and TransUnion. For extra security, you can apply a freeze to a fourth, lesser-known consumer reporting agency, Innovis.

You can do this by contacting each bureau either through their website or through the customer service number. There may be a fee for placing the freeze.

Equifax stated it would not charge for credit freezes for those affected by the breach.

The massive data breach involves the potential compromise of the personal data of 143 million consumers, including names, addresses, Social Security numbers, and birth dates.

Equifax said in a news release that it was fixing its website so customers could more easily determine if their information had been compromised. The release also specified that the binding arbitration clause and class-action waiver were only applicable to the credit monitoring services, and did not apply to the data breach. Equifax later dropped the restrictions for the free credit-monitoring service as well, claiming that customers who sign up because of the data breach are not subject to the clause and would not be prevented from joining class action suits.

Many details about the data breach are still unclear, but the potential consequences for consumers are severe.

In addition to the credit freeze, there are four more steps to put an iron wall around your money.

Activate Two-Factor Authentication

In today’s world of digital crime and internet fraud, two-factor authentication is an important extra layer of safety. It requires not just a password but a second element, such as a code texted to your smart phone, which you have but a crook can’t easily get. Set up and activate two-factor authentication on all of your existing mobile banking, savings, credit card, home equity line of credit, and other financial accounts that offer it.

You should call your 401(k) plan provider and other investment managers to learn their fraud protection policies, as they can vary from company to company. If your investment company doesn’t explicitly reimburse stolen funds, consider moving your money elsewhere.

Place a Fraud Alert on Credit Reports

A fraud alert is different from a credit freeze. The fraud alert is a notice on your credit report that warns both current and prospective lenders that they must take reasonable steps to verify your identity before granting credit, such as a new credit card or loan, or extending credit on an existing account.

You need to request a fraud alert at one of the big three credit bureaus, which will then pass it on to the other two, and separately place another alert with Innovis. An alert lasts 90 days. If you’re an ID-theft victim, you can get a fraud alert that stays in place for seven years. But you may be better off with the 90-day alert, because that allows you to get a free credit report from each of the four credit bureaus each time you renew the alert, which means you can get up to 16 free reports per year.

Secure Your Smartphone + Email

How you manage your smartphone and email accounts can be critical to your online security. Your phone is where all your second-factor text message codes are sent and where your mobile banking and other money apps live. Email is where your financial institutions send alerts and password reset links.

Here’s how you can make your phone and email harder targets:

Activate two-factor authentication on your email account. When you log into your email on an unfamiliar computer or phone, you’ll get a text with the necessary code to complete login. A hacker would need that code, too, but can’t get it without your phone. Better yet, download an authenticator app such as Google Authenticator or Microsoft Authenticator, which generates these codes without the need for texts, which can be intercepted.

Use a password management app such as LastPass on your computer’s browser and on your phone. LastPass creates and plugs different passwords into each of your accounts when you log in, so you don’t have to invent and keep track of dozens of passwords. This eliminates the temptation of using the same password for multiple accounts, which can provide a master key for hackers.

Never click unsolicited, unexpected, or suspicious-looking links sent to you by email or text. They could download malware capable of spying on your phone or personal computer activity.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.

On September 7, 2017 Equifax disclosed that they discovered a data breach on July 29, 2017 and it may have impacted 143 million consumers in the United States. Equifax is one of the 3 main organizations in the U.S. that calculates credit scores, so it has access to an extraordinary amount of personal and financial data for virtually every American adult.

The company stated that hackers accessed data between mid-May and July through a vulnerability in a web application. They were able to obtain names, Social Security Numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers. Additionally 182,000 “dispute documents” containing personal identifying data were compromised in the breach. They have not indicated who is behind the breach and the investigation is ongoing. Equifax is maintaining that its core credit reporting databases were unaffected.

The reason why this data breach is so severe is because nearly half of the U.S. population has been impacted and most likely will feel the impact of the breach for years to come, especially when it comes to information that does not change, i.e. your Social Security Number.

Equifax has established a dedicated website, www.equifaxsecurity2017.com – to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information.

Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern standard time. In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

Additional information on the data breach can be found here. To see if you may have been impacted, get started here.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today! Learn more about safeguarding your identity with our consumer identity theft protection guide.

Enroll your First Financial Debit/Credit Cards in Visa Purchase Alerts – you’ll get an email each time your Debit Card is used over an amount you set, when your card is used outside the country, or when your card is used to make a purchase online or over the phone. Credit Cardholders also have the additional option of adding a text alert, this can be set-up in Online Banking under your Credit Card account (select the Communications tab and then Visa Transaction Alerts).

As always, First Financial monitors our member accounts for suspicious activity. If you have any additional questions or concerns, please give us a call at 732.312.1500 or email us at info@firstffcu.com.

*9/11/17 Update – Please be advised that should you elect to sign up for Equifax’s one year of credit monitoring, you may be giving up your right to sue the company for the incident, and you could be prevented from joining a class-action lawsuit.

The language was laid out in the original terms of service by Equifax:

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

On 9/11/17 Equifax provided an update on their website to state:

Adjusted the TrustedID Premier and Clarified Equifax.com
“We’ve added an FAQ to our website to confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident. We are listening to issues consumers have experienced and their suggestions. These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process.”

When it comes to your wallet – there are some things you should surely throw away, and there are others you should take out and file away immediately to prevent identity theft.

Social Security Card

It may seem obvious to not carry this with you, but many people have long kept their SS card in their wallet. But think about it, if you have your number memorized, which most of us do, when do you actually need your card? Have you ever had to present your card to someone? Carrying this information around with you is a bad idea. If the wrong person gets ahold of your social security number, you could end up with loans opened up in your name and new credit card accounts.

Passwords

It seems every website we visit now requires a password. How are we ever supposed to keep up with them all? It’s a great idea to have a cheat sheet where all your passwords are kept, but do not be tempted to keep this information in your wallet. Instead, keep your notes at your desk, locked in your phone, or filed away somewhere at home with other sensitive information.

Credit Cards

Many of us are way past the point of having a credit card just for “emergencies.” It’s hard to check out at any retail store without being asked if we’d like to “save 10% by opening up a store credit card.” No matter how many cards you have, it’s wise not to carry all of them in your wallet at once. Think about it: if your wallet is stolen or lost, would you want someone to have access to every account you have? Instead, keep one card with you for those emergencies and leave the others at home in a safe place – unless you are specifically going to that particular store. This can also keep you from making spur of the moment purchases you’ll likely regret.

Receipts

Once you get home from a store after making a purchase, decide right then if you need to hold on to the receipt. Is there a chance you’re going to return the item? If not, then toss the receipt right away. If it is a larger purchase or some type of home technology, you may want to keep the receipt until after the purchase shows on your next credit card statement, to ensure you were charged the correct amount and that the item functions properly.

Don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa today. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!

Phone scams are nearly as old as Alexander Graham Bell, but fraudsters have invented a new trick to beware of. It’s called the “can you hear me” con.

Scammers will call your phone and ask if you can hear them, but if you answer yes, they’ll record you and use it as “proof” that you signed up for whatever fraudulent service they’re offering.

The safest thing you can do if you receive one of these calls is to simply hang up, or if you don’t know the number – don’t answer it in the first place.

When heart meets wallet – dating scam:

Nothing says I love you less than an empty bank account, yet that might be your fate if you go looking for love in all the wrong places.

According to the FBI, scammers are preying on people’s hearts and wallets in a new growing trend called romance scams. It starts off simply enough — you meet someone through the service that seems a likely match and contact is made. Things intensify quickly. It seems like a dream romance. It’s not.

Beware anyone you meet through online dating services who asks for financial gifts or favors (even if he or she is the “love of your life.”) This could be a play to get access to your checking account.

These scammers will leave you broke and broken hearted if you’re not careful. Use your head and be a bit suspicious. If it seems too good to be true, it probably is.

Don’t fall for the bait with phishing:

The chairman of Hillary Clinton’s presidential campaign, fell for a phishing scheme last year when he reportedly received an email from Google asking him to verify his account.

Unfortunately, the email wasn’t from Google, but was from a scammer — a scammer who now had all the info he needed to hack this Google account.

Software like Photoshop makes it easy for even a mediocre hacker to convince you that they are with a trusted organization like Google, your bank, or another company who handles sensitive matters for you.

Before you give over info, even basic info – remember the painful lesson learned: email isn’t secure. Never share sensitive information over email.

If you think you are the victim of a scam, don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa today. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!

Many of us donate to a worthy cause year round. Unfortunately, just as there are good people trying to help others, there are also plenty of scammers out there. You want to feel good about where your money is going, and you want to make sure that you aren’t just lining the pockets of some fraudster. As you field phone calls and receive information from those purporting to help the less fortunate, watch out for the following red flags that might indicate you are dealing with a scam:

1. High-Pressure Phone Tactics

Someone insisting that you give money now, over the phone, is a huge red flag that you are probably dealing with a scam. Most legitimate charities don’t employ high-pressure sales tactics that make you feel like you need to donate immediately.

In some cases, scammers insist that you have to just donate, and they tell you time is too short to send you literature or let you look at a website. If a caller gets frustrated and tries to tell you that you need to donate immediately, hang up the phone.

Legit charities usually have no problem with you saying no. The caller might tell you they are under a deadline for a match, but they won’t pressure you, and once you say you need time to think about it, most legit charities will thank you and move on.

2. No Website

Who doesn’t have a website these days? Scammers, that’s who. If you get a phone call from an organization, and you can’t find a website, that’s a red flag. Most legit charities have websites that describe their mission, who they help, and even include success stories. Even local charities usually have a basic website that allows you to see where they are located and what their needs are.

If an organization doesn’t have a website, that’s an immediate red flag. That’s not to say that every worthy cause would have a website, but it simply means you need to investigate further. Legit charities want people to know they are out there and accept donations.

3. They Won’t Provide You with Their Tax ID

Charities have to apply to be tax-exempt organizations and you can call IRS to verify their legitimacy. If someone over the phone just cannot provide their Tax ID or there’s no way to find that out before you send money, then this is a major red flag. And it’s not totally safe just because they gave you a bunch of numbers either. Call 877-829-5500 to see if the charity is claiming to be who they are. This is also the definitive source for making sure your donation is tax deductible.

4. No One Wants to See You

Watch out if a caller doesn’t want to let you know where they are located. Ask to stop by if they claim to be local. Or, you can ask for a mailing address to send a donation. Legitimate charities are happy to let you have a tour or send them a donation through the mail.

Scammers, though, don’t usually have a mailing address. And they certainly don’t want you anywhere near their base of operations. When an organization comes up with an excuse as to why you can’t visit or send a donation to an address, you should watch out. There’s a good chance you’re dealing with a scammer.

If you are still unsure, you can check Charity Navigator or GuideStar for information about charities and how effective they are, including how much of their resources go toward actually helping others.

There are many worthy causes that deserve your dollar’s attention, but you need to pay attention in order for the real charities to benefit the world. Do your part by taking time to vet out the details and you won’t be sorry to hear that your donations only enriched someone without really helping those in need.

The best line of defense against identity theft is prevention, but when that fails you need to handle the situation correctly and swiftly. If you notice any mysterious purchases or your bank contacts you about confirming charges, your account may be compromised. If you believe that someone has stolen your identity, minimize the damage by following these steps.

1. Identify and close the account in question

The most common (and sometimes the only) way to discover compromised accounts is noticing fraudulent charges after they’ve posted. When you become aware of the situation, contact your financial institution as soon as possible, dispute the charges, and ask to either lock or close your account.

2. Look for other unauthorized charges

Next, you need to pull up your other accounts and scan old statements for additional charges you don’t recognize. If you find any questionable charges, call your financial institution and alert them of the problem. You may have to put a lock on a number of your accounts if your identity has in fact been stolen.

3. Review your credit report

When assessing whether you’re a victim of credit card fraud or identity theft, your last stop should be your credit report. By law, you’re entitled to at least one free credit report from each credit reporting agency every year. Request your reports and look for any account that you don’t recognize.

4. File a report with the FTC

After you have a pretty good handle on the extent of your problem, you need to file a report with the Federal Trade Commission. You only need to do this if you think that your identity has been stolen. The FTC doesn’t handle credit card fraud, so if only one account was touched you probably aren’t a victim of identity theft and don’t need to submit a report.

5. Set up a fraud alert

A fraud alert puts a red flag on your credit report and notifies both lenders and creditors that they should take extra steps to verify your identity before extending credit. All you have to do is call one of the three credit reporting agencies to place a 90-day alert on your reports. Don’t worry about any potential stigma that could come with this, it is a rather common practice nowadays.

6. Open new accounts and move forward

Most financial institutions advise opening up new accounts following identity theft, even those that might not have been compromised. After all is done, make sure that you implement preventative measures going forward. There are plenty of ways to make yourself a less likely target and they all take less work than recovering from being a victim.

Don’t wait until it’s too late! Be sure to enroll in First Financial’sIdentity Theft Protection Program from Sherpa today. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!